
Job Description

This is a key Compliance role within the global Information Security organization. The individual fulfilling this role will partner closely with IT professionals both within the core CIO organization and those in the Global Business Units developing and supporting technology solutions used throughout our industry. The Compliance Analyst will ensure that IQVIA technology solutions and the underlying environments they run on adhere to the corporate Information Security control framework as well as globally recognized security standards and country regulations.

To support these objectives, responsibilities of the Compliance Analyst may include maintaining and expanding the online compliance resource library, aligning security controls to authoritative sources such as ISO 27001 and HITRUST, tracking remediation of open audit findings and quality issues, verifying staff training and qualification, and monitoring the accuracy of the application portfolio. This work will include designing and running various reports, coordinating the activity of accountable stakeholders, and tracking follow-up. In general, the Compliance Analyst will serve as an expert in the security controls and processes that support and enforce regulations, guidelines, policies and procedures, and will support management in promoting and assessing compliance.

RESPONSIBILITIES

Managing a portfolio of tasks as part of the delivery of the ongoing global Information Security Compliance program

Managing and providing support to customer audits on IQVIA IT systems and technology product offerings as well as hosting third-party audits required to maintain certifications

Managing or supporting as necessary deployment, management, and maintenance of information security safeguards and their associated software related to compliance requirements

Assisting with planning, implementation and maintenance of system security administration and user access including appropriate segregation of duties based on compliance requirements

Providing support and coordination for annual testing of internal controls over financial reporting for Sarbanes-Oxley as applicable to IQVIA infrastructure and systems, including coordination of control owners’ remediation plans

Providing support and coordination for regular Service Organization Controls (SOC) audits conducted in accordance with ISAE3402 and SSAE16 professional standards

Providing support and coordination to audit and other assessment activities pertaining to regulatory frameworks related to security of healthcare information such as HIPAA, EU GDPR, Japan PrivacyMark and/or other applicable regional frameworks

Providing support and coordination to audit and other assessment activities pertaining to obtaining or ongoing maintenance of information security certification regimes such as ISO27001 or equivalent

Monitoring progress of remedial actions to ensure both regulatory issues and compliance-related information security issues are resolved and are closed in a timely manner with the root cause identified, delivering a sustainable solution

Assisting with executing an appropriate monitoring program including but not limited to: sample collateral checks of control design, sample review of control operation, review of relevant compliance metrics, and issue analysis

Engaging with and managing activities of third-party specialist service providers where necessary to support information security compliance related activities, including the carrying out of special reviews, assessments and investigations

Reporting regularly to management on the status of assigned activities including issues, risks and remediation actions

Cooperating with other organizational teams in compliance activities, including internal and external audits